Here's my useful form validation:

/^\s*([-a-z0-9&\'*+.\/=?^_{}~]+@([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\.)+[a-z]{2,5}\s*(,\s*|\z))+$/i

It may not catch EVERYTHING, but should work just fine for most
people. It will allow multiple email addresses separated by commas.

I figure if you want to go beyond that, a verification system would be
the next logical step.

-Jeff

On Thu, Jan 05, 2006 at 03:19:09AM +0900, Jacob Fugal wrote:
> On 1/4/06, Andreas S. <f / andreas-s.net> wrote:
> > Jacob Fugal wrote:
> > > On 1/4/06, Andreas S. <f / andreas-s.net> wrote:
> > >> Tim Fletcher wrote:
> > >> > By "error prone" do you mean that it won't detect addresses that don't
> > >> > exist?
> > >>
> > >> No, I mean that it might declare some addresses invalid although they
> > >> aren't.
> > >
> > > You'll see from my comments in the original post[1] and in my reply to
> > > David Black in the other thread[2] that this regex is indeed compliant
> > > with a single, non-named address as defined by the RFC[3].
> >
> > Possibly. Still, I prefer a simple solution over a complicated one. What
> > type of errors do you hope to catch with this huge regex? Typing errors?
> > Deliberately entered rubbish? The regex accepts just about anything with
> > a "@", e.g. "$@$".
> 
> Not possibly. Guaranteed. It's compliant to the portions of the RFC I mentioned.
> 
> Still, I'll concede it doesn't prevent rubbish from being entered. The
> domain of valid email addresses is much larger than the domain of
> *actual* email addresses. I'm not claiming that this regex should even
> be used for form validation. I dislike email validation period. My
> intent in first writing the regex two years ago and bringing it up
> again now is mostly:
> 
> 1) To show off my regex-fu
> 2) To demonstrate the inadequacy of simplistic regexes for email validation.
> 
> For instance, I'll often use the "name+tag@domain" construct to filter
> mail and/or determine who's selling my address. When I find a form
> that claims that email address is invalid, I get upset. As such, I've
> taken it as my own personal crusade to punch down inadequate email
> validations whenever I see them. My method is to demonstrate a regex
> that does allow valid addresses. My first hope is that they'll notice
> the futility and just remove the email address validation altogether.
> If that fails, I hope they'll actually use the compliant regex.
> 
> The only reason I defended the regex was because you claimed it was
> invalid. If your original argument had been that the regex was
> unnecessary, I'd probably have agreed with you. Validating email
> addresses by form is pointless. If someone doesn't want to give you
> their address, they won't. Requiring them to input a valid fake
> address instead of an invalid fake address doesn't improve your data
> at all. The only reason I can see that being necessary is to prevent
> malformed addresses from breaking your application in some way. But if
> that's a problem, fix the application, not the email address.
> 
> Jacob Fugal
>
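
An added example, not part of the thread: the pattern from the top of this message run against constructed inputs, assuming Ruby regex semantics, where `^` and `$` anchor to each line rather than to the whole string. `WHOLE_STRING` is a hypothetical variant introduced here that swaps those anchors for `\A` and `\z`, so a multi-line value is judged as one string.

```ruby
# The pattern exactly as posted in the message above.
POSTED = /^\s*([-a-z0-9&\'*+.\/=?^_{}~]+@([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\.)+[a-z]{2,5}\s*(,\s*|\z))+$/i

# Hypothetical variant (not from the thread): same body, but anchored to the
# whole string with \A and \z instead of the per-line anchors ^ and $.
WHOLE_STRING = Regexp.new(
  POSTED.source.sub(/\A\^/) { '\A' }.sub(/\$\z/) { '\z' },
  POSTED.options
)

# Constructed sample inputs; every address uses a reserved example domain.
SAMPLES = {
  "jeff@example.com"                 => "plain address",
  "name+tag@example.com"             => "the name+tag form from the quoted reply",
  "a@example.com, b@example.org"     => "comma-separated list",
  "not-an-address"                   => "no @ at all",
  "curator@example.museum"           => "TLD longer than five letters",
  "free text line\nuser@example.com" => "two lines, only the last is an address",
}.freeze

# True when the pattern matches anywhere in the input, which is how a
# form check written as `value =~ pattern` behaves.
def accepts?(pattern, input)
  pattern.match?(input)
end

# One formatted row per sample, comparing both anchorings.
def report
  SAMPLES.map do |input, note|
    format("%-36s posted=%-5s whole_string=%-5s  %s",
           input.inspect, accepts?(POSTED, input), accepts?(WHOLE_STRING, input), note)
  end
end

puts report if $PROGRAM_NAME == __FILE__
```

The last two rows are the ones to watch: the six-letter TLD is rejected by both patterns, and the two-line input is accepted only by the line-anchored original.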